Tag: authentication bypass vulnerability

Progress MOVEit Transfer Authentication Bypass Vulnerability (CVE-2024-5806)

Posted by Author Diksha Ojha on Posted on

Progress Software has released patches to address a critical severity vulnerability impacting MOVEit File Transfer. Tracked as CVE-2024-5806, the vulnerability has a CVSS score of 9.1. This is an improper authentication vulnerability that exists in the SFTP module of the MOVEit Transfer. Successful exploitation of the vulnerability may lead to an authentication bypass.

Fortra Tripwire Enterprise Authentication Bypass Vulnerability (CVE-2024-4332)

Posted by Author Diksha Ojha on Posted on

Fortra released a security advisory to address a vulnerability impacting Tripwire Enterprise. Tracked as CVE-2024-4332, the vulnerability has been given a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability could allow remote attackers to gain privileged access to the APIs.

Progress Telerik Report Server Authentication Bypass Vulnerability (CVE-2024-4358)

Posted by Author Diksha Ojha on Posted on

A security researcher at Trend Micro Zero Day Initiative discovered a vulnerability in the Progress Telerik Report Server. CVE-2024-4358 is a critical severity vulnerability allowing an unauthenticated, remote attacker to bypass security restrictions and gain access to Telerik Report server-restricted functionality.

Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2024-29849)

Posted by Author Diksha Ojha on Posted on

Veeam released a security advisory to address four vulnerabilities of different severity ratings. All the vulnerabilities impact Veeam Backup and Replication. One of the four vulnerabilities, CVE-2024-29849, is rated as critical with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an unauthenticated attacker to log in to the Veeam Backup Enterprise … Continue reading “Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2024-29849)”

Ivanti Connect Secure and Ivanti Policy Secure XML External Entity (XXE) Vulnerability (CVE-2024-22024)

Posted by Author Diksha Ojha on Posted on

Ivanti has warned users to patch an XML external entity vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways. CVE-2024-22024 may allow an attacker to access certain restricted resources without authentication. Ivanti has mentioned in the advisory, “We have no evidence of this vulnerability being exploited in the wild as it was found during our internal review … Continue reading “Ivanti Connect Secure and Ivanti Policy Secure XML External Entity (XXE) Vulnerability (CVE-2024-22024)”

GoAnywhere Managed File Transfer (MFT) Authentication Bypass Vulnerability (CVE-2024-0204)

Posted by Author Diksha Ojha on Posted on

Security researchers at Spark Engineering Consultants have discovered an authentication bypass vulnerability in GoAnywhere Managed File Transfer. Tracked as CVE-2024-0204, the vulnerability has a critical severity and a CVSS score of 9.8. The vulnerability allows an unauthorized user to create an admin user via the administration portal.

Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887)

Posted by Author Diksha Ojha on Posted on

The security research team at Veloxity identified an active exploitation of two vulnerabilities (CVE-2023-46805 & CVE-2024-21887) impacting Ivanti Connect Secure VPN devices. When chained together, the vulnerabilities may allow attackers to transmit malicious requests and execute arbitrary commands on a targeted system. According to the research, a Chinese nation-state-level threat actor has exploited the vulnerabilities. … Continue reading “Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887)”